Subscribe to the latest research through IGI Global's new InfoSci-OnDemand Plus

InfoSci®-OnDemand Plus, a subscription-based service, provides researchers the ability to access full-text content from over 100,000 peer-reviewed book chapters and 26,000+ scholarly journal articles covering 11 core subjects. Users can select articles or chapters that meet their interests and gain access to the full content permanently in their personal online InfoSci-OnDemand Plus library.

Encyclopedia of Information Science and Technology, Fourth Edition (10 Volumes) Now 50% Off

Take 50% off when purchasing the Encyclopedia directly through IGI Global's Online Bookstore. Plus, receive the complimentary e-books for the first, second, and third editions with the purchase of the Encyclopedia of Information Science and Technology, Fourth Edition e-book.

InfoSci®-Journals Annual Subscription Price for New Customers: As Low As US$ 5,100

This collection of over 175 e-journals offers unlimited access to highly-cited, forward-thinking content in full-text PDF and XML with no DRM. There are no platform or maintenance fees and a guarantee of no more than 5% increase annually.

Abstract

Computer crime is now becoming a major international problem, with continual increases in incidents of cracking, hacking, viruses, worms, bacteria and the like having been reported in recent years. As a result of this massive vulnerabilities and new intrusion techniques, the rate of computer crime has accelerated beyond imagination. It is therefore vital to find policy of reducing and controlling the risk associated with such activities. However, unless the security challenges and countermeasures are well understood, the policy may not yield any fruitful results. This chapter discusses different categories of computer crime for the benefit of individuals and organizations concern with combating the problem. The chapter also discuses some security policies as means of limiting some of the vulnerabilities mentioned.

Introduction

In many countries, computer networks are used to control, manage and operate system services. Transportation, banking, power system, radio and television, gas, water, health services and telecommunication are highly automated and computerized. These systems, in addition to defense, government, and education form part of a society’s critical information infrastructure. The vulnerability of critical infrastructure is constantly reinforced by regular media report. For instance, it was reported in (CSI, 2000a) that in October 2000, air traffic control radar systems failed for four hours, resulting in airports throughout the USA being gridlocked with grounded aircraft. In a similar report (CSI, 2000b), a hacker altered parameters on sewage pump stations causing raw sewage to overflow on the Australian Sunshine Cost in Queensland. More recently, in September 2008, online criminals compromised hundreds of pages on the BusinessWeek.com website with a SQLinjection attack (Cisco, 2008).

Since cyber crimes very critical these days and will continue to be for the foreseeable future. It is important to find means or actions to be taken in order to reduce the impact or level of any threat. To achieve this, first we need to understand what risks, threats, and vulnerabilities currently exist in our environment. Second, we need to learn as much as possible about the problems so that we can formulate a solid response. This implies that we must develop and implement a comprehensive protection and response plan or policy in order to prevent or minimize attacks. The policy should provide response guidelines that cover every phase of an attack in the fastest, most efficient manner. Finally, we need to intelligently deploy our selected countermeasures and safeguards to erect protections around our most mission-critical assets. While there is no silver bullet to eliminate all threats, vulnerabilities and breaches, organizations can focus on addressing attacks during the most dangerous time. The costs associated with each individual attack are directly proportional to the amount of time that it takes an organization to approach the attack. Thus, the better prepared an organization is to detect, protect, and take down attacks proactively, the more likely that the organization will be able to prevent and/or recover from attacks. By trying to nip the problem in the bud, an organization can greatly reduce the amount of time wasted and money lost due to protecting the impact of a potential attack. It was reported that the Code Red Worm had caused over $2 billion in damage in 2001 (CNN, 2001). In July 2009, a report by (NewsFactor, 2009) revealed that an Internet thieves had stolen more than 289,000 Hong Kong dollars (37,000 US dollars) From Honk Kong Bank accounts.

While it may be difficult to predict precisely how technology will evolve, studying the history of telephone to Internet, mainframe to personal computer, kilobyte to terabyte, it seems reasonable to note that in the not-too-distance future, interactive computing technology, in whatever form, will be an integral and invisible constituent of our lives. In the course of doing it, the computing technology will also most definitely raise problems in relation to the security frameworks that surrounds it. The following part of the chapter examines some security policy challenges associated with computer systems in general and attempts to highlights various methods of limiting their impact. The chapter also looks into the different aspect of attacks and the various types of attack tools. Reports of vulnerabilities and hacking incidents were also given. It also discusses the impacts of such activities by reporting the cost of damages caused by cyber attackers in recent years. Some countermeasures such as recovery planning and risk management were discussed.